Yes, it has come to this: cars can be hacked

In 2011, a team of researchers from two different universities demonstrated that they could wirelessly disable a car’s door locks and brakes.

Car manufacturers ignored them.

In 2013, a team of hackers demonstrated that they could hack almost every activity of a car, including turning off the engine, if they were wired in to the car.

Car manufacturers dismissed the demonstration because it required inside access to the vehicle.

This year, those same hackers have now completed the work they started. Here are the alarming aspects of their demonstration:

  • It was done wirelessly, over the Internet, from a basement ten miles away from where the car was being driven.

  • It could target vehicles anywhere in the United States via the vehicle’s cellular connection.
  • It took complete control of the car, including wipers, radio station and volume, brakes, steering wheel, and engine.

Let that one sink in a bit. If you are driving one of the newer cars for which this hack has been developed, it is possible for someone three states away to take control of your car, while you are driving it, and cut both your engine and your brakes while yanking your steering wheel to one side. Imagine that happening while you’re on a curvy mountain road, or when you have just pulled out in traffic for a left turn onto a busy highway. The guinea pig in this demonstration certainly found it alarming.

Jeep in a ditch

(A Jeep Cherokee rests in a ditch after hackers took control of it. Photo from Wired.)

Immediately my accelerator stopped working. As I frantically pressed the pedal and watched the RPMs climb, the Jeep lost half its speed, then slowed to a crawl. This occurred just as I reached a long overpass, with no shoulder to offer an escape. The experiment had ceased to be fun.

At that point, the interstate began to slope upward, so the Jeep lost more momentum and barely crept forward. Cars lined up behind my bumper before passing me, honking. I could see an 18-wheeler approaching in my rearview mirror. I hoped its driver saw me, too, and could tell I was paralyzed on the highway.

“You’re doomed!” Valasek shouted, but I couldn’t make out his heckling over the blast of the radio, now pumping Kanye West. The semi loomed in the mirror, bearing down on my immobilized Jeep.

I followed Miller’s advice: I didn’t panic. I did, however, drop any semblance of bravery, grab my iPhone with a clammy fist, and beg the hackers to make it stop.

There is a very real potential for carnage here. And car manufacturers have been ignoring the warnings, because staying ahead of the risks would involve investing money and hiring specialized computer experts for an activity they can’t monetize. There’s no market advantage (yet) for the boast that “we are serious about security in your vehicle.” Manufacturers would rather focus on making their cars more and more connected—but it’s those very connections that make the hacks possible. The entertainment panel in new cars is the vehicular equivalent of Adobe Flash on computers: vulnerable to hackers and a security nightmare, but irresistible to manufacturers who are competing with other manufacturers offering the same thing.

The hackers—who were working under an $80,000 research grant from the Defense Advanced Research Projects Agency (DARPA)—had tried to warn manufacturers, but their warnings fell on deaf ears and eyes full of dollar signs. They even shared their research with Chrysler for nine months. Chrysler’s response?

On July 16, owners of vehicles with the Uconnect feature were notified of the patch in a post on Chrysler’s website that didn’t offer any details or acknowledge Miller and Valasek’s research. […] Unfortunately, Chrysler’s patch must be manually implemented via a USB stick or by a dealership mechanic. That means many—if not most—of the vulnerable Jeeps will likely stay vulnerable.

Fortunately, the hackers were not depending on the ethics of Chrysler. They went to Wired magazine. Three days after their visceral, very public demonstration was published in a riveting article, Chrysler recalled 1.4 million vehicles to install the patch.

It is abundantly clear that car manufacturers will not do the right thing until they are strong-armed into it. Which is why the hackers will publish their work at this year’s Black Hat conference in Las Vegas, minus only the part of their attack that rewrites the car’s firmware. It is a risky move, because the firmware rewrite might be reverse-engineered by enterprising hackers with fewer morals. But upping the stakes is the only way to force car manufacturers to invest in our safety.

Posted in tech | 1 Comment

Questions from a young adult

Growing up

I received a letter from a young adult who is considering leaving her home town, where her parents serve as a safety net, and going someplace completely different — perhaps out of the country. She asked me a few questions and since I can only answer for myself, I decided to post them here (with her permission).

Could I ask you more about changes when one goes into adulthood and cannot rely on their parents anymore? I’ve asked a lot of people how they liked living as expats/immigrants but I’ve never asked someone on what are good decisions and bad decisions when ’growing up’. I thought that maybe I could ask someone what to do and what not to do when they are thinking of restarting their life in a new country. Could I ask you about what to do and what not to do?

The fact that she is asking, and willing to listen to answers, tells me that she’s already a good few steps down that road of growing up. I believe that one of the main markers of child/teen/young adulthood is self-focus. When we’re young, we see the whole world through the filter of “How does this affect ME? What does it mean for ME?” Maturing into adulthood means asking, “How does this affect and what does it mean for others?” It also means listening to others and accepting that they might actually have something worthwhile to say that we don’t already know ourselves.

And yes, I realize that by this definition, a startling number of people never actually grow up. Which I think is a realistic assessment.

If you have advice or experiences a woman on the cusp of growing up might benefit from, please share them in the comments.

Posted in life | 2 Comments

Wallpaper Monday

As I mentioned yesterday, I’ve been fantasizing about snow-covered mountains…but this works, too.

Iceland waterfall

Photographer Dominic Kemp writes:

Skógafoss is a waterfall situated on the Skógá River in the south of Iceland at the cliffs of the former coastline and is one of the biggest waterfalls in the country with a width of 25 m (82 feet) and a drop of 60 m (200 ft).

According to legend, the first Viking settler in the area buried a treasure in a cave behind the waterfall but I couldn’t find it…

(Click the image to cataractate.)

Posted in wallpaper | Leave a comment

Privacy vs. convenience

Spy

The blog has been quiet for several weeks because my brain has been fried. And I do mean that mostly literally. Here in the Algarve, we usually have a couple of awful weeks in August where it’s too hot to function, but this year the awfulness started in late June and has persisted throughout July, with an occasional cooler day just to remind us what it feels like to be able to breathe.

I’ve discovered that my creativity goes out the window when it’s too hot to think, as does my inclination to do anything besides drink iced tea and fantasize about snow-covered mountains.

The last couple of days have been easier, and neural activity appears to have resumed, so I thought I’d weigh in on the big to-do in the tech press regarding Windows 10 and its fairly immense intrusion on personal privacy.

If you’ve missed it, probably because you’re a normal person who doesn’t read tech blogs for fun, the gist is that the default settings on a Windows 10 installation gives Microsoft the right to scan the contents of your emails and documents and to monitor your online activity. It also allows Microsoft to use your spare bandwidth for its own purposes, such as seeding a download of the operating system to another customer, and to share all of your wifi passwords with your Outlook contacts, Skype friends, and Facebook friends.

It will also serve you personalized ads.

Now, you can opt out of these things, but it’s not the easiest thing in the world. RockPaperShotgun explains how to do it, and other outfits such as the Independent have repeated that information in a simpler format.

Most people won’t bother. The average Windows user hates getting into Settings and messing with anything, partly because it can be frightening and partly because it’s not convenient at all.

Which brings me to my post title.

Back in the old days of alt.net chat rooms and dial-up modems, it was trivially simple to be anonymous while using one’s computer online. It has gotten progressively more difficult as our world becomes more interconnected and permanently online, as our governments levy vast complexes of technology and huge work forces to spy on us, and as we have become accustomed to large companies giving us information and services for free. To be truly private these days takes one hell of a lot of work and some specialized tools.

That said, there are a few easy things even the least tech-savvy among us can do to increase our privacy and decrease governmental/corporate spying on our online activities:

*****

1. Use DuckDuckGo for your web searches rather than Google. DuckDuckGo’s entire raison d’être is to provide searches that are not tracked and not recorded. If you search for “lawnmower” on DuckDuckGo, you will not mysteriously be served with lawnmower ads for the next six months wherever you go on the Internet. I have it set as my default search engine both on my laptop and my phone.

2. Use Ghostery to block trackers while you are online. It’s a free extension available for all the main browsers and very easy to install.

3. Pay for an email account. Yes, Gmail and Yahoo Mail are free and everyone loves that, but when big companies offer you something for free, what it really means is that you are not a customer. You are the product being sold. Suck it up and pay a company to provide your email, and that company will not read all of your mail contents to see how they can better target you with ads.

4. Stay away from Facebook Chat or Messenger. Use a chat service that doesn’t scan your every word for ad targeting, and one that is encrypted. Apple’s Messages is encrypted end-to-end, including while on its own servers. Skype is also encrypted, but not while on the Microsoft servers, something Microsoft does not tell you. (In fact, Skype was specifically mentioned as being “a vital niche in NSA reporting” by analysts for the NSA’s PRISM program.)

There are other, lesser-known and very secure chat apps out there, but the barrier to using them is that all of your family and friends aren’t on them.

And that is always the tradeoff. Do we want privacy, or do we want convenience? Do we want to Facebook Chat with our friends because it’s so easy, or take the time to say, “Hey, let’s move to X App to chat” and then go to a different service? Get free email or pay for it? Use Google’s instant results or wait perhaps half a second for the much-smaller servers of DuckDuckGo to deliver our results? Leave Windows 10 on its default settings — enabling total access to everything we do — or take the trouble to go through 13 different screens in Settings, as well as an outside website, and reset all of them?

All of us have different levels of comfort in that tradeoff. But increasing our privacy (and reducing our hackability at the same time) doesn’t take a tech genius. It just takes a little time.

Posted in tech | 11 Comments

More cool factoids about New Horizons

Until a couple of days ago, this was the best, most detailed image we had of Pluto:

Pluto before

And now we have this:

Pluto after

We humans can be pretty awesome.

According to NASA’s press release, the accuracy of the New Horizons flyby was, well…out of this world.

New Horizons’ almost 10-year, three-billion-mile journey to closest approach at Pluto took about one minute less than predicted when the craft was launched in January 2006. The spacecraft threaded the needle through a 36-by-57 mile (60 by 90 kilometers) window in space — the equivalent of a commercial airliner arriving no more off target than the width of a tennis ball.

The tennis ball thing is amazing enough, but it’s the one minute part that gets me. As one science geek described it on Twitter:

Pluto tweet 1

Pluto tweet 2

I hereby approve the verbing of “science.” We scienced like nobody’s business!

Did you know that New Horizons is the fastest spacecraft we’ve ever launched? Of course it’s all very fun to toss around stats like “faster than 30,000 mph” or “14 kilometers per second,” but what does that really mean in terms we can visualize? xkcd artist Randall Munroe published a good illustration:

Here’s my favorite comparison for putting that speed in perspective: If you were standing at one end of a football field and fired a gun toward the other end, right while New Horizons flew past you, the spacecraft would reach the far end zone before the bullet made it to the 10-yard line.

New Horizons What If

He also mentioned that in the same amount of time, a speeding car would travel about one inch (2.5 cm).

But the best news of all is that New Horizons called home. During the flyby, it was too busy gobbling up all the data it could to pause for a communication, so the project team chewed their fingernails as they waited for the first scheduled reconnection. Given the probe’s proximity to Pluto and any debris that might be twirling around in the planet’s orbit, this was a moment of relatively high potential for something to go kapow. After all, at 14 kilometers per second, all it would take would be a bit of rock or ice the size of a rice grain to destroy the probe.

Here is a team of happy scientists, finding out that their baby has phoned home:

Yep, we scienced really well.

Posted in Uncategorized | 1 Comment

Cool factoids about New Horizons

New horizons pluto

You’ve probably heard a lot about the New Horizons probe lately, and there’s a good reason for that. Tomorrow, July 14, the probe will fulfill its destiny. After nine and a half years of travel, it will zip past Pluto, madly taking photos and measurements as it goes.

And then—fwoosh!—it will keep going into the depths of space, leaving Pluto behind. The probe will continue its studies of the dwarf planet and its moons, but July 14 is the closest approach. After that, they’re in the rearview mirror.

The first thing any critical person asks when they read that is, “One day of payoff after 9.5 years of travel? Why not drop into orbit and stay there, like Cassini?”

Good question. The first answer is: physics. But the real answer is money.

Here’s the physics part: braking a fast-moving probe—and by fast, I mean “traveling at 32,000 mph”—takes a lot of fuel. You have to rotate it in place and fire thrusters against the direction of travel. Given the speed that must be overcome, that’s a lot of thruster use and a lot of fuel. After braking is accomplished, completing course corrections and maneuvers for orbital insertion takes more fuel.

The money part: launching a probe carrying a big load of fuel is much more expensive than launching a probe carrying a minimum load of fuel. That stuff is heavy. It costs a lot to get it off the ground and into space. And NASA has never been the budgetary favorite of the US Congress.

The New Horizons team had limited funds, so it had to make the same choice that most probe teams are forced to make: give up speed, or give up the duration of study. Now, if you’re studying Mercury or Mars, giving up speed is a good option. They’re not that far away; you can wait a few more months.

But Pluto is way, way, way out there. Several billion kilometers out. Had the New Horizons folks decided to fly slower in order to conserve fuel for braking and an orbital insertion, they might have been retiring by the time the probe arrived.

And that’s why the world’s astronomy geeks are so excited about tomorrow. After 9.5 years, tomorrow is the Big Day.

New horizon approach

*****

Now then: imagine you’re on the New Horizons team, and you’ve been waiting since January 2006 for your probe to make its Pluto flyby. And then, ten days before the big event…the probe goes dark. Zzzt. No data, no connection, nothing. For all you know, it hit an asteroid and went kablooey.

That is exactly what happened to these poor scientists. Suddenly, anticipation turned to terror. Their probe was 4.5 hours away for communications purposes. Every command they sent, every query they tried, would take 4.5 hours to arrive at the probe. The probe’s response would take 4.5 hours to come back. The team had a nine-hour lag time for their repair efforts, and a ten-day deadline. If they couldn’t find and fix the problem in that time, then nine and a half years of waiting was down the toilet.

It was, as the mission leader later said, their “Apollo 13” moment. Everyone raced to the office and went into crisis mode, and nobody left until it was resolved. The Mission Operations manager slept on the floor of her office two nights in a row.

The official statement given at a press conference during the crisis was that this was an “anomaly” and a mere “speed bump.” In reality, they were all sweating bullets. But they figured it out. The details of exactly what happened, and how the team debugged their probe’s computer from three billion miles away, makes a great story that you can read at the Washington Post.

*****

Although July 14 is the closest approach, that’s not when the scientists will get their data. New Horizons can only transmit at about one kilobit per second, so it will have to store up its data and trickle it back to Earth over the next two or three months. It will be like a never-ending Christmas.

*****

After whizzing past Pluto, New Horizons will head deeper into the Kuiper Belt to examine one or two of the icy bodies out there. All of this data, from Pluto and any other Kuiper Belt object, is brand new stuff to us. We know next to nothing about this distant region of our solar system.

*****

When New Horizons launched, Pluto was still a planet. The decision to downgrade it to “dwarf planet” occurred eight months after launch—and was made by just 424 astronomers who had stayed for the last day of a meeting of the International Astronomical Union (IAU) in Prague.

New Horizon’s mission leader was quoted as saying, “I’m embarrassed for astronomy. Less than 5 percent of the world’s astronomers voted. This definition stinks, for technical reasons.”

He expected the astronomy community to overturn the decision. He’s still waiting.

*****

When New Horizons launched, there was no such thing as an iPhone. The first iPhone didn’t come out until a year and a half later. That’s how long the little probe has been traveling…and it all comes to fruition tomorrow.

Posted in astronomy, event | 2 Comments

The strange invisibility of Rui Costa

Rui Costa

As an American, I’m used to seeing my countryfolk focused on and featured in various international athletic events. Eurosport and British coverage of such events always make sure to put the camera on American competitors as well as those of other nationalities, even when the Americans aren’t doing all that well. Apparently, we get coverage by virtue of our citizenship.

At least, that’s my guess, because it’s the only thing that explains the strange invisibility of Rui Costa on every Tour de France he has taken part in.

For those not into cycling, let me explain. Rui Costa is the pride of Portuguese bike enthusiasts and an all-around great rider. He’s currently the national road race champion, and last year he was the world road race champion—the first Portuguese to wear that rainbow jersey. He is the only cyclist to ever win the Tour de Suisse in three consecutive years (2012, 2013, 2014). He won a stage in the Tour de France in 2011, and then won two more in 2013. Right now, he is ranked fourth in the International Cycling Union (UCI) men’s road cycling. Here are the top 20, including many names you’ll recognize if you watch bike racing.

2015 UCI standings

All of which is to say, this man is a star in the international racing scene.

Yet we don’t see him in the video coverage of the Tour de France. The cameras almost never focus on him. The official Tour news updates don’t mention him. Non-Portuguese news coverage doesn’t mention him. I read several articles yesterday about the massive crash during Stage 3, which listed the riders who were injured. Rui was inexplicably left out, despite having had a bike smash into his back at 50 kph after he had hit the tarmac and slid to a stop…and despite being clearly visible on video trying to get up in the aftermath. Though of course the cameras never actually stopped on him.

We play a game of “spot Rui” while watching the Tour. It’s always a challenge, because he’s usually visible for one or two seconds as the camera pans over the riders. But I can’t figure out why we should have to work so hard for it, and why such a top rider is so generally ignored.

Maybe it’s because he doesn’t grandstand. Nor does he throw his bike after a disappointment, or get in fights, or shout at the tour organizers in their cars when they make a decision he doesn’t like. Instead, he focuses on doing his best and staying in contact with his fans, to whom he invariably dedicates his efforts. He’s a true gentleman athlete…and I guess that’s not exciting enough.

Posted in Portugal, sport | 2 Comments

Le Tour is coming!…and other tidbits

Tomorrow is a day my wife and I look forward to all year: the start of the Tour de France. For the next three weeks, we will arrange our work and social lives around the television as we absorb gorgeous scenery, team tactics, mind-blowing athletic prowess, half-insane fans, and the slings and arrows of outrageous fortune. They’re all part of the best sporting event of the year.

Tour de france horse

For some odd reason, many non-cycling Americans have no idea why Le Tour is so much fun to watch, as if the scenery and photo-worthy moments such as the one above aren’t reason enough. Which is why the AV Club put together a great list of “10 reasons why you should watch the Tour de France this year.” It’s all true and also serves as an excellent primer for Tour newbies.

We’re excited—and getting ready to cheer on our own Rui Costa, Portugal’s road champion, whose goal is to finish in the top 10. And that’s one of the things that makes Le Tour so different. In what other sporting event do top athletes train all year for a goal of not being number one? But there are so many ways to win in Le Tour, and so many people/teams to root for (not to mention plenty of time to change your mind as the race moves on), that the whole thing is uplifting. It’s not a winner-take-all event. For many riders, merely surviving the whole race is a win. For the viewers, it’s always a win.

***

In completely different news, a short, profanity-filled video has been making the geek rounds lately. It was taken by a cyclist who saw something really, really weird happening in the sky and pulled over to film it. The cyclist was understandably freaked out by the event, and swore a bit to himself (so the video is NSFW unless you mute the sound), but it isn’t actually an alien signal for invasion. It’s a weather phenomenon called a crown flash. If one were more poetic, one could call it dancing ice crystals.

Bad Astronomer Phil Plait explains the science behind this flashing, moving beacon:

What’s happening here is a wispy cirrus cloud, made up of ice crystals, is being impinged upon from below by a rising cumulus cloud. If the ice crystals in the cirrus are long and needle-shaped, they’ll align themselves with the electric field of the lower cumulus cloud, which is generated by up- and downdrafts inside the cumulus cloud. When the electric field suddenly changes (due to, say, lightning discharges inside the cloud), the ice crystals can snap into a different orientation, reflecting and refracting sunlight in a different direction (note that the plume in the video is the same color as the Sun). They do this as a group, making it look like huge coherent structures are suddenly changing shape.

In other words, you’re watching an electrical field shifting and snapping like a living thing, and moving ice crystals with it. SO cool. Kudos to the cyclist, who—though freaked—did not run away but filmed the phenomenon instead. Astronomy and meteorology geeks the world over are grateful.

***

In the biology world, artist Stefan Siverud has been painting and decorating urban snail shells in a project called Snailpimp. His efforts certainly destroy any camouflage the snails have, but when a despised species must share its world with humans, sometimes standing out can be an advantage. I’ve seen people crush snails just for the “fun” of it, a concept I don’t understand, but my guess is that none of these decorated snails will ever get stepped on. For more photos, check out Mental Floss.

Snailpimp8

***

Speaking of Mental Floss, the site recently had an article explaining how people clean up after their seeing-eye dogs. Long-time readers of this blog will know that I think there’s a special place in the underworld for people who let their dogs crap on sidewalks or in parks and then just walk away from it, so it’s kind of surprising that I never thought about how visually-challenged people deal with this necessary task. Turns out that their dogs are even more thoroughly trained than I’d ever thought. Check out the article for specifics. Busy busy!

***

And finally, something to make you smile. Dutch punk singer David Achter de Molen performed a rock-god feat at the PinkPop festival in the Netherlands last month: he caught a beer thrown by a fan. While he was crowdsurfing. With utter panache. And did I mention that the beer was in a cup? Check this out.

Beer catch

Over at Slate, a science team tried to recreate this magnificent feat of athleticism—both the perfect throw and the nonchalant catch—and discovered that, while possible, it is much harder than it looks. This moment may go down in music history.

Posted in life, science, sport, video, weather | 7 Comments

Wallpaper Monday

Namibia trees

Beverly Houwing took this impeccably timed sunset photo in Namibia. In her caption for the National Geographic Photography contest, she wrote:

The dead trees at Dead Vlei, in Sossusvlei, Namibia, create stark silhouettes against the intense orange color of the sand. A dune towering 1,000 feet creates a backdrop as the shadow cast by a nearby dune moves across the wall of sand and shades the ground and trees of the dry mud flat.

It looks like a painting with exaggerated colors, but it’s a real landscape.

(Click the image to embiggen.)

Posted in wallpaper | Leave a comment

The Adorable Octopus

One of the things scientists and naturalists are often loathe to admit in public is that they find all sorts of things cute. For instance, when I worked at a public aquarium, one of my favorite creatures in the whole place was an anemone about three centimeters in diameter. Most people didn’t even notice it in the tank, but I visited it on a regular basis. Oh, little Proliferating Anemone, I miss you!

So it’s always fun when a scientist declares, on video, that she finds something so darn cute that she’s thinking about enshrining its cuteness in its official taxonomic name.

Meet what might end up being the Adorable Octopus, Opisthoteuthis adorabilis. From the YouTube text:

What do you call a tiny octopus with big eyes, gelatinous skin and [which] is cute as a button? Nobody knows quite yet! Stephanie Bush of the Monterey Bay Aquarium Research Institute aims to classify and name this presently undescribed deep-sea cephalopod using preserved specimens and a clutch of eggs housed at the Monterey Bay Aquarium.

I’m guessing MBARI got some worried emails about fragile eggs being under a microscope, because the YouTube text was modified to add:

**DISCLAIMER** from Dr. Stephanie Bush: The Opisthoteuthis eggs depicted in this video are preserved specimens, not the eggs laid at the Monterey Bay Aquarium (which are still being lovingly incubated at MBARI’s Cold Storage Facility!).

Well, that made me feel better. Go, eggs, go!

(Also…did anyone else get a Finding Nemo vibe while watching this video? “I shall call him Squishy and he shall be mine, and he shall be my Squishy.”)

Posted in biology, video | 2 Comments